Verified Commit dfc3df7b authored by Ralph Giles's avatar Ralph Giles
Browse files

Reference CVE-2018-10392 in the release notes.



The fix for this issue was in the 1.3.7 release, but we didn't
refer to the CVE number explicitly in the release notes. Do
so now for the benefit of anyone auditing vulnerability
fixes in the future.
Signed-off-by: Mark Harris's avatarMark Harris <mark.hsj@gmail.com>
parent 0657aee6
......@@ -2,6 +2,7 @@ libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environ
* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2018-10392 - out-of-bounds access encoding invalid channel count.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment